docs(technical advisory): add login ui default context (#6695)

* docs(technical advisory): add login ui default context * Update docs/docs/support/advisory/a10003.md Co-authored-by: Fabi <fabienne@zitadel.com> --------- Co-authored-by: Fabi <fabienne@zitadel.com>
2025-02-28 20:37:23 +00:00 · 2023-10-11 09:20:48 +03:00 · 2023-10-11 09:20:48 +03:00 · f2d1cd2045
commit f2d1cd2045
parent 5bc71f7665
3 changed files with 66 additions and 4 deletions
--- a/docs/docs/support/advisory/a10002.md
+++ b/docs/docs/support/advisory/a10002.md
@ -6,14 +6,14 @@ title: Technical Advisory 10002

 Version: TBD

-Date: Calendar week 40/41
+Date: Calendar week 44

 ## Description

 Since Angular Material v15 many of the UI components have been refactored
 to be based on the official Material Design Components for Web (MDC).
 These refactored components do not support dynamic styling, so in order to keep the library up-to-date,
-the console UI will loose its dynamic theming capability.
+the console UI will lose its dynamic theming capability.

 ## Statement

@ -23,7 +23,7 @@ As soon as the release version is published, we will include the version here.
 ## Mitigation

 If you need users to have your branding settings
-(background-, button-, link and text coloring), you should implemement your
+(background-, button-, link and text coloring), you should implement your
 own user facing UI yourself and not use ZITADELs console UI. Assets like your logo and icons will still be used.

 ## Impact
--- a/docs/docs/support/advisory/a10003.md
+++ b/docs/docs/support/advisory/a10003.md
@ -0,0 +1,46 @@
+---
+title: Technical Advisory 10003
+---
+
+## Date and Version
+
+Version: 2.38.0
+
+Date: Calendar week 41
+
+## Description
+
+When users are redirected to the ZITADEL Login-UI without any organizational context, they're currently presented a login screen,
+based on the instance settings, e.g. available IDPs and possible login mechanisms. If the user will then register himself,
+by the registration form or through an IDP, the user will always be created on the default organization.
+
+This behaviour led to confusion, e.g. when activating IDPs on default org would not show up in the Login-UI, because they would still be loaded from the instance settings.
+
+To improve this, we're introducing the following change:
+If users are redirected to the Login-UI without any organizational context, they will be presented a login screen based on the settings of the default organization (incl. IDPs).
+
+:::note
+If the registration (and also authentication) needs to occur on a specified organization, apps can already
+specify this by providing [an organization scope](https://zitadel.com/docs/apis/openidoauth/scopes#reserved-scopes).
+:::
+
+## Statement
+
+This change was tracked in the following PR:
+[feat(login): use default org for login without provided org context](https://github.com/zitadel/zitadel/pull/6625), which was released in Version [2.38.0](https://github.com/zitadel/zitadel/releases/tag/v2.38.0)
+
+## Mitigation
+
+There's no action needed on your side currently as existing instances are not affected directly and IAM_OWNER can activate the flag at their own pace.
+
+## Impact
+
+Once this update has been released and deployed, newly created instances will always use the default organization and its settings as default context for the login.
+
+Already existing instances will still use the instance settings by default and can switch to the new default by ["Activating the 'LoginDefaultOrg' feature"](https://zitadel.com/docs/apis/resources/admin/admin-service-activate-feature-login-default-org) through the Admin API.
+**This change is irreversible!**
+
+:::note
+Regardless of the change:
+If a known username is entered on the first screen, the login switches its context to the organization of that user and settings will be updated to that organization as well.
+:::
--- a/docs/docs/support/technical_advisory.mdx
+++ b/docs/docs/support/technical_advisory.mdx
@ -68,7 +68,23 @@ We understand that these advisories may include breaking changes, and we aim to
      ZITADEL hosted Login-UI is not affected by this change.
    </td>
    <td>TBD</td>
-      <td>Calendar week 40/41</td>
+    <td>Calendar week 44</td>
+  </tr>
+  <tr>
+    <td>
+      <a href="./advisory/a10003">A-10003</a>
+    </td>
+    <td>Login-UI - Default Context</td>
+    <td>Breaking Behaviour Change</td>
+    <td>
+        When users are redirected to the ZITADEL Login-UI without any organizational context,
+        they're currently presented a login screen, based on the instance settings,
+        e.g. available IDPs and possible login mechanisms. If the user will then register himself,
+        by the registration form or through an IDP, the user will always be created on the default organization.
+        With the introduced change, the settings will no longer be loaded from the instance, but rather the default organization directly.
+    </td>
+    <td>2.38.0</td>
+    <td>Calendar week 41</td>
  </tr>
 </table>